Allscripts Ransomware Update: Outages Expected through Monday

Updating a report from Friday, Jan. 19, the Chicago-based Allscripts, one of the most prevalent EHR (electronic health record) vendors in the world, is still working to restore some of its IT systems following a ransomware attack last week.

As conveyed on Friday, Allscripts acknowledged that it has been investigating a ransomware incident that impacted a “limited number of its applications” hosted at the company’s data centers in Raleigh and Charlotte, North Carolina.

According to a report this weekend from security news site CSO Online, Allscripts’ director of information security said in a conference call that the company’s Professional EHR platform and its e-prescribing systems were hit the hardest by the attack, but they weren’t the only services that were impacted. The report stated that the vendor’s “direct messaging and some CCDA [Consolidated Clinical Document Architecture] functionality” had availability issues as well, but have since been restored. The conference call, which took place on Saturday, also revealed that Allscripts’ e-prescribing services had been restored while IT folks were working to get the Pro EHR platform back up.

Nonetheless, outages are expected to continue throughout the day on Monday, while the company’s recovery strategy “is focused on getting data restored via backups and alternative access methods,” according to the report.

The ransomware attack, which struck in the very early morning on Jan. 18, required that incident response teams from Microsoft and Cisco be called in to help. Backup systems were not affected by the incident, according to Allscripts, which said that minimal, if any, data loss is to be expected as the systems get back online.

Interestingly, the type of ransomware used in the attack—SamSam ransomware—was the same one used in an attack on Hancock Health, a health system based in Greenfield, Indiana, earlier this month. As Healthcare Informatics reported at the time of that incident, health system officials shut down the entire Hancock Health network and eventually paid the hacker a bitcoin ransom in the amount of $55,000.

The SamSam ransomware was also used in the infamous attack on the 10-hospital, Columbia, Md.-based MedStar Health integrated health system in March 2016. In fact, a report in Bleeping Computer noted that other reported attacks that involved the use of the SamSam virus include: Adams Memorial Hospital in Decatur, Indiana; the municipality of Farmington, New Mexico; and an unnamed ICS (Industrial Control Systems) company in the U.S.

According to an April 2016 blog from Mountain View, Calif.-based security vendor Symantec, “Samsam, unlike more conventional ransomware, is not delivered through drive-by-downloads or emails. Instead, the attackers behind Samsam use tools such as Jexboss to identify unpatched servers running Red Hat’s JBoss enterprise products. Once the attackers have successfully gained entry into one of these servers by exploiting vulnerabilities in JBoss, they use other freely available tools and scripts to collect credentials and gather information on networked computers. Then they deploy their ransomware to encrypt files on these systems before demanding a ransom.”

However, CSO Online’s report stated that Allscripts said that the ransomware appeared to be a “commodity malware and that the company wasn’t directly targeted.”

Allscripts’ systems are said to serve some 180,000 physicians and 2,500 hospitals. It is unclear if the company paid any ransom.
